ci: use lockfile to install packages

[koji]

Overview

use lockfile to install packages on CI.
this will mitigation strategy for compromised npm packages

close AUTH-2853

Test Plan and Hands on Testing

• none

Changelog

• add setup-js-ci for CI

Review requests

• What do you need from reviewers to feel confident this PR is ready to merge?
• Ask questions.

Risk assessment

low

[Copilot]

Pull request overview

This PR updates the CI JavaScript dependency installation to use a lockfile-enforced install, improving determinism and reducing the chance of unexpected dependency drift in CI runs (AUTH-2853).

Changes:

• Add a dedicated setup-js-ci Makefile target that runs yarn install --frozen-lockfile for CI.
• Update multiple GitHub Actions workflows and the shared JS setup composite action to use make setup-js-ci.
• Minor whitespace cleanup in the Makefile and a workflow file.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
Makefile	Adds setup-js-ci target using yarn install --frozen-lockfile; minor formatting cleanup.
.github/workflows/shared-data-test-lint-deploy.yaml	Switches CI JS setup to make setup-js-ci; trims trailing whitespace.
.github/workflows/react-api-client-test.yaml	Switches CI JS setup to make setup-js-ci.
.github/workflows/g-code-testing-lint-test.yaml	Switches CI JS setup to make setup-js-ci.
.github/actions/js/setup/action.yml	Updates composite action to run make setup-js-ci instead of make setup-js.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.38%. Comparing base (aca190d) to head (696ddd2).
⚠️ Report is 3 commits behind head on edge.

Additional details and impacted files

@@           Coverage Diff           @@
##             edge   #21163   +/-   ##
=======================================
  Coverage   57.37%   57.38%           
=======================================
  Files        3924     3924           
  Lines      321830   321830           
  Branches    46353    46358    +5     
=======================================
+ Hits       184660   184670   +10     
+ Misses     136947   136937   -10     
  Partials      223      223           

Flag	Coverage Δ
app	45.16% <ø> (-0.01%)	⬇️
protocol-designer	19.95% <ø> (ø)
step-generation	5.69% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[SyntaxColoring]

I'm surprised we weren't doing this already. Good catch.